Skip to content
Snippets Groups Projects
Commit 764b6cb7 authored by catch's avatar catch
Browse files

Issue #3458403 by mstrelan: Conditionally disable access to update manager routes

(cherry picked from commit 7f878e8e)
parent 7f752fe0
No related branches found
No related tags found
10 merge requests!12802Issue #3537193 by opauwlo: Add enable absolute path option for CKEditor5 image uploads,!12745Fixed: Path alias language doesn't changes on changing of node language,!12684Issue #3220784,!12537Add ViewsConfigUpdater deprecation support for default_argument_skip_url,!12523Issue #3493858 by vidorado, xavier.masson, smustgrave: Extend ViewsBlockBase...,!122353526426-warning-for-missing,!11958Issue #3490507 by alexpott, smustgrave: Fix bogus mocking in...,!11769Issue #3517987: Add option to contextual filters to encode slashes in query parameter.,!11185Issue #3477324 by andypost, alexpott: Fix usage of str_getcsv() and fgetcsv() for PHP 8.4,!9944Issue #3483353: Consider making the createCopy config action optionally fail...
Pipeline #218690 passed
Pipeline: drupal

#218726

    Pipeline: drupal

    #218724

      Pipeline: drupal

      #218711

        +1
        <?php
        declare(strict_types=1);
        namespace Drupal\update\Routing;
        use Drupal\Core\Routing\RouteSubscriberBase;
        use Drupal\Core\Site\Settings;
        use Symfony\Component\Routing\RouteCollection;
        /**
        * Route subscriber for Update module routes.
        */
        class UpdateRouteSubscriber extends RouteSubscriberBase {
        /**
        * Constructs a new UpdateRouteSubscriber.
        */
        public function __construct(
        protected Settings $settings,
        ) {
        }
        /**
        * {@inheritdoc}
        */
        protected function alterRoutes(RouteCollection $collection) {
        if ($this->settings->get('allow_authorize_operations', TRUE)) {
        return;
        }
        $routes = [
        'update.report_install',
        'update.report_update',
        'update.module_install',
        'update.module_update',
        'update.theme_install',
        'update.theme_update',
        'update.confirmation_page',
        ];
        foreach ($routes as $route) {
        $route = $collection->get($route);
        $route->setRequirement('_access', 'FALSE');
        }
        }
        }
        ...@@ -30,7 +30,6 @@ update.report_install: ...@@ -30,7 +30,6 @@ update.report_install:
        _title: 'Add new module or theme' _title: 'Add new module or theme'
        requirements: requirements:
        _permission: 'administer software updates' _permission: 'administer software updates'
        _access_update_manager: 'TRUE'
        update.report_update: update.report_update:
        path: '/admin/reports/updates/update' path: '/admin/reports/updates/update'
        ...@@ -39,7 +38,6 @@ update.report_update: ...@@ -39,7 +38,6 @@ update.report_update:
        _title: 'Update' _title: 'Update'
        requirements: requirements:
        _permission: 'administer software updates' _permission: 'administer software updates'
        _access_update_manager: 'TRUE'
        update.module_install: update.module_install:
        path: '/admin/modules/install' path: '/admin/modules/install'
        ...@@ -48,7 +46,6 @@ update.module_install: ...@@ -48,7 +46,6 @@ update.module_install:
        _title: 'Add new module' _title: 'Add new module'
        requirements: requirements:
        _permission: 'administer software updates' _permission: 'administer software updates'
        _access_update_manager: 'TRUE'
        update.module_update: update.module_update:
        path: '/admin/modules/update' path: '/admin/modules/update'
        ...@@ -57,7 +54,6 @@ update.module_update: ...@@ -57,7 +54,6 @@ update.module_update:
        _title: 'Update' _title: 'Update'
        requirements: requirements:
        _permission: 'administer software updates' _permission: 'administer software updates'
        _access_update_manager: 'TRUE'
        update.theme_install: update.theme_install:
        path: '/admin/theme/install' path: '/admin/theme/install'
        ...@@ -66,7 +62,6 @@ update.theme_install: ...@@ -66,7 +62,6 @@ update.theme_install:
        _title: 'Add new theme' _title: 'Add new theme'
        requirements: requirements:
        _permission: 'administer software updates' _permission: 'administer software updates'
        _access_update_manager: 'TRUE'
        update.theme_update: update.theme_update:
        path: '/admin/appearance/update' path: '/admin/appearance/update'
        ...@@ -75,7 +70,6 @@ update.theme_update: ...@@ -75,7 +70,6 @@ update.theme_update:
        _title: 'Update' _title: 'Update'
        requirements: requirements:
        _permission: 'administer software updates' _permission: 'administer software updates'
        _access_update_manager: 'TRUE'
        # @todo Deprecate this route once # @todo Deprecate this route once
        # https://www.drupal.org/project/drupal/issues/3159210 is fixed, or remove # https://www.drupal.org/project/drupal/issues/3159210 is fixed, or remove
        ...@@ -97,4 +91,3 @@ update.confirmation_page: ...@@ -97,4 +91,3 @@ update.confirmation_page:
        _title: 'Ready to update' _title: 'Ready to update'
        requirements: requirements:
        _permission: 'administer software updates' _permission: 'administer software updates'
        _access_update_manager: 'TRUE'
        ...@@ -24,3 +24,6 @@ services: ...@@ -24,3 +24,6 @@ services:
        logger.channel.update: logger.channel.update:
        parent: logger.channel_base parent: logger.channel_base
        arguments: [ 'update' ] arguments: [ 'update' ]
        update.route_subscriber:
        class: Drupal\update\Routing\UpdateRouteSubscriber
        arguments: ['@settings']
        0% Loading or .
        You are about to add 0 people to the discussion. Proceed with caution.
        Please register or to comment